Using more than one SSL certificate on a single server.
The following procedure is needed to get nginx to report "TLS SNI (Server Name Indication) support enabled".
Installation environment
OS : CentOS 5.8
nginx : 1.2.8
step1. Environment setup
$ cd /usr/src
$ mkdir -p /usr/src/redhat/SPECS
$ wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
$ tar xvfz openssl-0.9.8l.tar.gz
$ yum install rpm-build
$ cd /usr/src/redhat/SPECS
$ wget 'http://nginx.org/packages/centos/5/SRPMS/nginx-1.2.8-1.el5.ngx.src.rpm'
$ rpm -Uvh nginx-1.2.8-1.el5.ngx.src.rpm
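$ vim /usr/src/redhat/SPECS/nginx.spec
In the spec file, comment out the parallel make and use a plain make:
#make %{?_smp_mflags}
make
and add the --with-openssl and --with-openssl-opt lines to the ./configure arguments: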
./configure \
--prefix=%{_sysconfdir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--pid-path=%{_localstatedir}/run/nginx.pid \
--lock-path=%{_localstatedir}/run/nginx.lock \
--http-client-body-temp-path=%{_localstatedir}/cache/nginx/client_temp \
--http-proxy-temp-path=%{_localstatedir}/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=%{_localstatedir}/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=%{_localstatedir}/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=%{_localstatedir}/cache/nginx/scgi_temp \
--user=%{nginx_user} \
--group=%{nginx_group} \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-openssl=/usr/src/openssl-0.9.8l/ \
--with-openssl-opt=enable-tlsext \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
step2. rpm build
$ rpmbuild -ba nginx.spec
오류: Failed build dependencies:
zlib-devel is needed by nginx-1.2.8-1.ngx.x86_64
pcre-devel is needed by nginx-1.2.8-1.ngx.x86_64
openssl-devel is needed by nginx-1.2.8-1.ngx.x86_64
$ yum install zlib-devel pcre-devel openssl-devel -y
$ rpmbuild -ba nginx.spec
After the compile completes:
$ cd /usr/src/redhat/RPMS/x86_64
$ rpm -ivh nginx-1.2.8-1.ngx.x86_64.rpm
준비 중... ########################################### [100%]
1:nginx ########################################### [100%]
----------------------------------------------------------------------
Thanks for using NGINX!
Check out our community web site:
* http://nginx.org/en/support.html
If you have questions about commercial support for NGINX please visit:
* http://www.nginx.com/support.html
----------------------------------------------------------------------
$ nginx -V
nginx version: nginx/1.2.8
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-54)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-openssl=/usr/src/openssl-0.9.8l/ --with-openssl-opt=enable-tlsext --with-cc-opt='-O2 -g -m64 -mtune=generic'
If the output above (with "TLS SNI support enabled") appears, the build succeeded.
Now two certificates can be used as shown below. WOW!!
nginx.conf
server {
    listen 443;
    server_name domain.com;
    access_log /var/log/nginx/log main;
    root /home/public/;
    index index.html index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/com.cert.pem;
    ssl_certificate_key /etc/nginx/ssl/com.cert.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        .....
    }
}
server {
    listen 443;
    server_name domain.org;
    access_log /var/log/nginx/log main;
    root /home/public/;
    index index.html index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/org.cert.pem;
    ssl_certificate_key /etc/nginx/ssl/org.cert.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        .....
    }
}
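Added example (not part of the original post): the cipher string above starts with ALL and its +LOW / +EXP tokens only reorder ciphers, so low-strength, export and RC4 suites stay enabled next to SSLv3. The shell function below, audit_tls_conf (a hypothetical helper name), lists the certificate each server_name is mapped to and flags those settings; the sample config is constructed from the two blocks above.

```shell
# Added example, not from the original post. Token-level lint only: it does
# not evaluate the full OpenSSL cipher-string grammar (aliases, @STRENGTH).

# Constructed sample: TLS directives of the two server blocks shown above.
SAMPLE_CONF='server {
    listen 443;
    server_name domain.com;
    ssl_certificate /etc/nginx/ssl/com.cert.pem;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
}
server {
    listen 443;
    server_name domain.org;
    ssl_certificate /etc/nginx/ssl/org.cert.pem;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
}'

# audit_tls_conf (hypothetical helper): nginx config on stdin,
# one "<server_name><TAB><finding>" line per result on stdout.
audit_tls_conf() {
    awk '
    function note(msg) { out[++n] = msg }
    { sub(/#.*/, ""); gsub(/;/, " ") }            # drop comments and ";"
    $1 == "server" && depth == 0 { name = "(unnamed)"; n = 0 }
    $1 == "server_name"     { name = $2 }
    $1 == "ssl_certificate" { note("INFO certificate " $2) }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^SSLv[23]$/) note("WEAK protocol " $i)
    }
    $1 == "ssl_ciphers" {
        k = split($2, tok, ":"); split("LOW EXP RC4", weak, " ")
        for (w = 1; w <= 3; w++) {
            on = 0
            for (i = 1; i <= k; i++) {
                t = tok[i]
                if (t == ("!" weak[w]) || t == ("-" weak[w])) on = 0
                else if (t !~ /^[!+-]/ && (t == "ALL" || index(t, weak[w]))) on = 1
            }                                     # "+X" only reorders: ignored
            if (on) note("WEAK ciphers " weak[w])
        }
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }  # track brace nesting
    depth == 0 && n > 0 { for (i = 1; i <= n; i++) print name "\t" out[i]; n = 0 }
    '
}

printf '%s\n' "$SAMPLE_CONF" | audit_tls_conf
```

To see which certificate a given name actually receives from the running server, openssl s_client -connect <host>:443 -servername domain.org prints the one nginx selected via SNI.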
[ Source : http://www.kutukupret.com/2010/08/30/nginx-enabling-tls-sni-support-on-centos-5/ ]
.by rocksea